Special group logon tracking

US 7,690,036 B2
Filed: 12/12/2005
Issued: 03/30/2010
Est. Priority Date: 12/12/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of generating a computer user activity log, the method comprising:

receiving a user login, verifying user account credentials, and creating a login session;

identifying for the user one or more groups to which the user was previously assigned;

in response to identifying for the user one or more groups to which the user was previously assigned, creating a token, the token comprising data representing the one or more groups to which the user was previously assigned;

determining if the one or more groups to which the user was previously assigned includes a group to be monitored; and

creating an audit record for the login session if the one or more groups to which the user was previously assigned is a group to be monitored.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of generating a computer user activity log for a user belonging to a specially monitored group includes allowing a user to logon to a local computer. The local computer verifying the user account credentials and creating a user logon session. A token is created by the local computer for identification of any group membership with which the user associated and also having the user access privileges. The group information in the token is compared with a specially monitored group list. The specially monitored group list may be obtained from a domain server or may be configured locally. If the user has membership in the specially monitored group, then a special logon session is created and activities of the user are recorded.

9 Citations

View as Search Results

20 Claims

1. A computer-implemented method of generating a computer user activity log, the method comprising:
- receiving a user login, verifying user account credentials, and creating a login session;
  
  identifying for the user one or more groups to which the user was previously assigned;
  
  in response to identifying for the user one or more groups to which the user was previously assigned, creating a token, the token comprising data representing the one or more groups to which the user was previously assigned;
  
  determining if the one or more groups to which the user was previously assigned includes a group to be monitored; and
  
  creating an audit record for the login session if the one or more groups to which the user was previously assigned is a group to be monitored.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein identifying the user as a member of at least one group comprises correlating the user with a list of groups stored in an audit policy.
  - 3. The method of claim 2, wherein the audit policy is stored locally on the computer.
  - 4. The method of claim 1, wherein creating a token further comprises creating a data structure that lists computer resource access privileges of the user.
  - 5. The method of claim 4, wherein the token further comprises a locally unique identifier for the login session.
  - 6. The method of claim 1, wherein determining if the one or more groups to which the user was previously assigned includes a group to be monitored comprises checking token group data against a list of groups to be specially monitored.
  - 7. The method of claim 6, wherein the list of groups to be specially monitored is derived from an audit policy, wherein the audit policy is editable by a system administrator.
  - 8. The method of claim 1, wherein determining if the one or more groups to which the user was previously assigned includes a group to be monitored comprises:
    - accessing a domain server having an audit policy comprising a list of groups to be specially monitored; and
      
      comparing the one or more groups to which the user was previously assigned against the list of groups associated with an audit policy, wherein the list and audit policy are editable by a system administrator.
  - 9. The method of claim 1, wherein creating an audit record for the login session if the user is a member of a group to be monitored comprises creating an audit record comprising user identification data, the group to be monitored, a locally unique identifier for the login session and login session activities.

10. A computer system to monitor computer activities of a user having membership to a specially monitored group, the system comprising:
- a CPU responsive to a request by a user to create a login session;
  
  a local data storage device, the local storage device having a first list of users, the first list of users comprising associations for each user at least one group to which the user was previously assigned;
  
  an interface to a domain server, the domain server having a second list, the second list comprising a list of groups to be specially monitored;
  
  wherein the CPU executes a login software program that uses the first list to determine for each user the at least one group to which the user was previously assigned, communicates with the domain server to determine if the at least one group to which the user was previously assigned is identified for monitoring using the second list, and creates an audit record of the login session of the user if the at least one group to which the user was previously assigned is identified as a specially monitored group.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, further comprising a token created upon login of a user, the token comprising data associated with the at least one group to which the user was previously assigned and data associated with access control of computer resources corresponding to user privileges.
  - 12. The system of claim 10, wherein the interface to the domain server is used to initially load the local storage device with the first list.
  - 13. The system of claim 10, wherein the first list comprises one of a registry, a file, or a database.
  - 14. The system of claim 10, wherein the audit record of the user session comprises user identification data, the group to be monitored, a locally unique identifier for the login session and login session activities.
  - 15. The system of claim 14, wherein the locally unique identifier allows later correlation with other records associated with the user.

16. A computer-readable storage medium having computer-executable instructions for performing a method of generating a computer user activity log, the method comprising:
- receiving a user login, verifying user account credentials, and creating a login session;
  
  identifying for the user one or more groups to which the user was previously assigned;
  
  in response to identifying for the user one or more groups to which the user was previously assigned, creating a token, the token comprising data representing group membership identifying the one or more groups to which the user was previously assigned;
  
  determining if the group membership includes a group to be monitored; and
  
  creating an audit record for the login session if the user is a member of a group to be monitored, wherein the audit record comprises;
  
  a locally unique identifier useful to correlate other records with activities of the user;
  
  a user identifier;
  
  the group to be monitored;
  
  a login session; and
  
  activities of the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable storage medium of claim 16, wherein the step of identifying for the user one or more groups to which the user was previously assigned comprises correlating the user with a list of groups stored in an audit policy.
  - 18. The computer-readable storage medium of claim 16, wherein the step of creating a token further comprises a data structure that lists computer resource access privileges of the user.
  - 19. The computer-readable storage medium of claim 16, wherein the step of determining if the group membership data includes a group to be monitored comprises checking the token group against a specially monitored group identified using an audit policy, wherein the audit policy is editable by a system administrator.
  - 20. The computer-readable storage medium of claim 16, wherein the step of determining if the group membership data includes a group to be monitored comprisesaccessing a domain server having an audit policy comprising a list of groups to be specially monitored;
    - andcomparing the token group membership data against the list of groups associated with an audit policy, wherein the list and audit policy are editable by a system administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fitzgerald, Eric, Malpani, Raghavendra
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US11/301,304
Publication Number

US 20070136798A1
Time in Patent Office

1,569 Days
Field of Search

726/7, 726/22, 709/225
US Class Current

726/22
CPC Class Codes

G06F 21/316 by observing the pattern of...

Special group logon tracking

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Special group logon tracking

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links